fix: reworked csrf

api/parameters/_index.yaml

@@ -1,10 +1,4 @@
 cursor:
   $ref: "./cursor.yaml"
 title_sort:
-  $ref: "./title_sort.yaml"
-accessToken:
-  $ref: "./access_token.yaml"
-csrfToken:
-  $ref: "./xsrf_token_cookie.yaml"
-csrfTokenHeader:
-  $ref: "./xsrf_token_header.yaml"
+  $ref: "./title_sort.yaml"

api/parameters/access_token.yaml

@@ -1,9 +0,0 @@
-name: access_token
-in: cookie
-required: true
-schema:
-  type: string
-  format: jwt
-example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.x.y"
-description: |
-  JWT access token.

api/parameters/xsrf_token_cookie.yaml

@@ -1,11 +0,0 @@
-name: xsrf_token
-in: cookie
-required: true
-schema:
-  type: string
-  pattern: "^[a-zA-Z0-9_-]{32,64}$"
-example: "abc123def456ghi789jkl012mno345pqr"
-description: |
-  Anti-CSRF token (Double Submit Cookie pattern).
-  Stored in non-HttpOnly cookie, readable by JavaScript.
-  Must be echoed in `X-XSRF-TOKEN` header for state-changing requests (POST/PUT/PATCH/DELETE).

api/parameters/xsrf_token_header.yaml

@@ -1,10 +0,0 @@
-name: X-XSRF-TOKEN
-in: header
-required: true
-schema:
-  type: string
-  pattern: "^[a-zA-Z0-9_-]{32,64}$"
-description: |
-  Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
-  Required for all state-changing requests (POST/PUT/PATCH/DELETE).
-example: "abc123def456ghi789jkl012mno345pqr"